1 /* $OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $ */ 2 3 /*- 4 * Copyright (c) 2001 Theo de Raadt 5 * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting 6 * Copyright (c) 2014-2021 The FreeBSD Foundation 7 * All rights reserved. 8 * 9 * Portions of this software were developed by John-Mark Gurney 10 * under sponsorship of the FreeBSD Foundation and 11 * Rubicon Communications, LLC (Netgate). 12 * 13 * Portions of this software were developed by Ararat River 14 * Consulting, LLC under sponsorship of the FreeBSD Foundation. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 3. The name of the author may not be used to endorse or promote products 26 * derived from this software without specific prior written permission. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 * 39 * Effort sponsored in part by the Defense Advanced Research Projects 40 * Agency (DARPA) and Air Force Research Laboratory, Air Force 41 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 42 */ 43 44 #include <sys/cdefs.h> 45 __FBSDID("$FreeBSD$"); 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 #include <sys/lock.h> 52 #include <sys/mutex.h> 53 #include <sys/proc.h> 54 #include <sys/sysctl.h> 55 #include <sys/errno.h> 56 #include <sys/random.h> 57 #include <sys/conf.h> 58 #include <sys/kernel.h> 59 #include <sys/module.h> 60 #include <sys/fcntl.h> 61 #include <sys/bus.h> 62 #include <sys/sdt.h> 63 #include <sys/syscallsubr.h> 64 65 #include <opencrypto/cryptodev.h> 66 #include <opencrypto/xform.h> 67 68 SDT_PROVIDER_DECLARE(opencrypto); 69 70 SDT_PROBE_DEFINE1(opencrypto, dev, ioctl, error, "int"/*line number*/); 71 72 #ifdef COMPAT_FREEBSD12 73 /* 74 * Previously, most ioctls were performed against a cloned descriptor 75 * of /dev/crypto obtained via CRIOGET. Now all ioctls are performed 76 * against /dev/crypto directly. 77 */ 78 #define CRIOGET _IOWR('c', 100, uint32_t) 79 #endif 80 81 /* the following are done against the cloned descriptor */ 82 83 #ifdef COMPAT_FREEBSD32 84 #include <sys/mount.h> 85 #include <compat/freebsd32/freebsd32.h> 86 87 struct session_op32 { 88 uint32_t cipher; 89 uint32_t mac; 90 uint32_t keylen; 91 uint32_t key; 92 int mackeylen; 93 uint32_t mackey; 94 uint32_t ses; 95 }; 96 97 struct session2_op32 { 98 uint32_t cipher; 99 uint32_t mac; 100 uint32_t keylen; 101 uint32_t key; 102 int mackeylen; 103 uint32_t mackey; 104 uint32_t ses; 105 int crid; 106 int ivlen; 107 int maclen; 108 int pad[2]; 109 }; 110 111 struct crypt_op32 { 112 uint32_t ses; 113 uint16_t op; 114 uint16_t flags; 115 u_int len; 116 uint32_t src, dst; 117 uint32_t mac; 118 uint32_t iv; 119 }; 120 121 struct crypt_aead32 { 122 uint32_t ses; 123 uint16_t op; 124 uint16_t flags; 125 u_int len; 126 u_int aadlen; 127 u_int ivlen; 128 uint32_t src; 129 uint32_t dst; 130 uint32_t aad; 131 uint32_t tag; 132 uint32_t iv; 133 }; 134 135 #define CIOCGSESSION32 _IOWR('c', 101, struct session_op32) 136 #define CIOCCRYPT32 _IOWR('c', 103, struct crypt_op32) 137 #define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32) 138 #define CIOCCRYPTAEAD32 _IOWR('c', 109, struct crypt_aead32) 139 140 static void 141 session_op_from_32(const struct session_op32 *from, struct session2_op *to) 142 { 143 144 memset(to, 0, sizeof(*to)); 145 CP(*from, *to, cipher); 146 CP(*from, *to, mac); 147 CP(*from, *to, keylen); 148 PTRIN_CP(*from, *to, key); 149 CP(*from, *to, mackeylen); 150 PTRIN_CP(*from, *to, mackey); 151 CP(*from, *to, ses); 152 to->crid = CRYPTOCAP_F_HARDWARE; 153 } 154 155 static void 156 session2_op_from_32(const struct session2_op32 *from, struct session2_op *to) 157 { 158 159 session_op_from_32((const struct session_op32 *)from, to); 160 CP(*from, *to, crid); 161 CP(*from, *to, ivlen); 162 CP(*from, *to, maclen); 163 } 164 165 static void 166 session_op_to_32(const struct session2_op *from, struct session_op32 *to) 167 { 168 169 CP(*from, *to, cipher); 170 CP(*from, *to, mac); 171 CP(*from, *to, keylen); 172 PTROUT_CP(*from, *to, key); 173 CP(*from, *to, mackeylen); 174 PTROUT_CP(*from, *to, mackey); 175 CP(*from, *to, ses); 176 } 177 178 static void 179 session2_op_to_32(const struct session2_op *from, struct session2_op32 *to) 180 { 181 182 session_op_to_32(from, (struct session_op32 *)to); 183 CP(*from, *to, crid); 184 } 185 186 static void 187 crypt_op_from_32(const struct crypt_op32 *from, struct crypt_op *to) 188 { 189 190 CP(*from, *to, ses); 191 CP(*from, *to, op); 192 CP(*from, *to, flags); 193 CP(*from, *to, len); 194 PTRIN_CP(*from, *to, src); 195 PTRIN_CP(*from, *to, dst); 196 PTRIN_CP(*from, *to, mac); 197 PTRIN_CP(*from, *to, iv); 198 } 199 200 static void 201 crypt_op_to_32(const struct crypt_op *from, struct crypt_op32 *to) 202 { 203 204 CP(*from, *to, ses); 205 CP(*from, *to, op); 206 CP(*from, *to, flags); 207 CP(*from, *to, len); 208 PTROUT_CP(*from, *to, src); 209 PTROUT_CP(*from, *to, dst); 210 PTROUT_CP(*from, *to, mac); 211 PTROUT_CP(*from, *to, iv); 212 } 213 214 static void 215 crypt_aead_from_32(const struct crypt_aead32 *from, struct crypt_aead *to) 216 { 217 218 CP(*from, *to, ses); 219 CP(*from, *to, op); 220 CP(*from, *to, flags); 221 CP(*from, *to, len); 222 CP(*from, *to, aadlen); 223 CP(*from, *to, ivlen); 224 PTRIN_CP(*from, *to, src); 225 PTRIN_CP(*from, *to, dst); 226 PTRIN_CP(*from, *to, aad); 227 PTRIN_CP(*from, *to, tag); 228 PTRIN_CP(*from, *to, iv); 229 } 230 231 static void 232 crypt_aead_to_32(const struct crypt_aead *from, struct crypt_aead32 *to) 233 { 234 235 CP(*from, *to, ses); 236 CP(*from, *to, op); 237 CP(*from, *to, flags); 238 CP(*from, *to, len); 239 CP(*from, *to, aadlen); 240 CP(*from, *to, ivlen); 241 PTROUT_CP(*from, *to, src); 242 PTROUT_CP(*from, *to, dst); 243 PTROUT_CP(*from, *to, aad); 244 PTROUT_CP(*from, *to, tag); 245 PTROUT_CP(*from, *to, iv); 246 } 247 #endif 248 249 static void 250 session2_op_from_op(const struct session_op *from, struct session2_op *to) 251 { 252 253 memset(to, 0, sizeof(*to)); 254 memcpy(to, from, sizeof(*from)); 255 to->crid = CRYPTOCAP_F_HARDWARE; 256 } 257 258 static void 259 session2_op_to_op(const struct session2_op *from, struct session_op *to) 260 { 261 262 memcpy(to, from, sizeof(*to)); 263 } 264 265 struct csession { 266 TAILQ_ENTRY(csession) next; 267 crypto_session_t cses; 268 volatile u_int refs; 269 uint32_t ses; 270 struct mtx lock; /* for op submission */ 271 272 const struct enc_xform *txform; 273 int hashsize; 274 int ivsize; 275 276 void *key; 277 void *mackey; 278 }; 279 280 struct cryptop_data { 281 struct csession *cse; 282 283 char *buf; 284 char *obuf; 285 char *aad; 286 bool done; 287 }; 288 289 struct fcrypt { 290 TAILQ_HEAD(csessionlist, csession) csessions; 291 int sesn; 292 struct mtx lock; 293 }; 294 295 static bool use_outputbuffers; 296 SYSCTL_BOOL(_kern_crypto, OID_AUTO, cryptodev_use_output, CTLFLAG_RW, 297 &use_outputbuffers, 0, 298 "Use separate output buffers for /dev/crypto requests."); 299 300 static bool use_separate_aad; 301 SYSCTL_BOOL(_kern_crypto, OID_AUTO, cryptodev_separate_aad, CTLFLAG_RW, 302 &use_separate_aad, 0, 303 "Use separate AAD buffer for /dev/crypto requests."); 304 305 /* 306 * Check a crypto identifier to see if it requested 307 * a software device/driver. This can be done either 308 * by device name/class or through search constraints. 309 */ 310 static int 311 checkforsoftware(int *cridp) 312 { 313 int crid; 314 315 crid = *cridp; 316 317 if (!crypto_devallowsoft) { 318 if (crid & CRYPTOCAP_F_SOFTWARE) { 319 if (crid & CRYPTOCAP_F_HARDWARE) { 320 *cridp = CRYPTOCAP_F_HARDWARE; 321 return 0; 322 } 323 return EINVAL; 324 } 325 if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && 326 (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) 327 return EINVAL; 328 } 329 return 0; 330 } 331 332 static int 333 cse_create(struct fcrypt *fcr, struct session2_op *sop) 334 { 335 struct crypto_session_params csp; 336 struct csession *cse; 337 const struct enc_xform *txform; 338 const struct auth_hash *thash; 339 void *key = NULL; 340 void *mackey = NULL; 341 crypto_session_t cses; 342 int crid, error; 343 344 switch (sop->cipher) { 345 case 0: 346 txform = NULL; 347 break; 348 case CRYPTO_AES_CBC: 349 txform = &enc_xform_rijndael128; 350 break; 351 case CRYPTO_AES_XTS: 352 txform = &enc_xform_aes_xts; 353 break; 354 case CRYPTO_NULL_CBC: 355 txform = &enc_xform_null; 356 break; 357 case CRYPTO_CAMELLIA_CBC: 358 txform = &enc_xform_camellia; 359 break; 360 case CRYPTO_AES_ICM: 361 txform = &enc_xform_aes_icm; 362 break; 363 case CRYPTO_AES_NIST_GCM_16: 364 txform = &enc_xform_aes_nist_gcm; 365 break; 366 case CRYPTO_CHACHA20: 367 txform = &enc_xform_chacha20; 368 break; 369 case CRYPTO_AES_CCM_16: 370 txform = &enc_xform_ccm; 371 break; 372 case CRYPTO_CHACHA20_POLY1305: 373 txform = &enc_xform_chacha20_poly1305; 374 break; 375 default: 376 CRYPTDEB("invalid cipher"); 377 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 378 return (EINVAL); 379 } 380 381 switch (sop->mac) { 382 case 0: 383 thash = NULL; 384 break; 385 case CRYPTO_POLY1305: 386 thash = &auth_hash_poly1305; 387 break; 388 case CRYPTO_SHA1_HMAC: 389 thash = &auth_hash_hmac_sha1; 390 break; 391 case CRYPTO_SHA2_224_HMAC: 392 thash = &auth_hash_hmac_sha2_224; 393 break; 394 case CRYPTO_SHA2_256_HMAC: 395 thash = &auth_hash_hmac_sha2_256; 396 break; 397 case CRYPTO_SHA2_384_HMAC: 398 thash = &auth_hash_hmac_sha2_384; 399 break; 400 case CRYPTO_SHA2_512_HMAC: 401 thash = &auth_hash_hmac_sha2_512; 402 break; 403 case CRYPTO_RIPEMD160_HMAC: 404 thash = &auth_hash_hmac_ripemd_160; 405 break; 406 #ifdef COMPAT_FREEBSD12 407 case CRYPTO_AES_128_NIST_GMAC: 408 case CRYPTO_AES_192_NIST_GMAC: 409 case CRYPTO_AES_256_NIST_GMAC: 410 /* Should always be paired with GCM. */ 411 if (sop->cipher != CRYPTO_AES_NIST_GCM_16) { 412 CRYPTDEB("GMAC without GCM"); 413 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 414 return (EINVAL); 415 } 416 break; 417 #endif 418 case CRYPTO_AES_NIST_GMAC: 419 switch (sop->mackeylen * 8) { 420 case 128: 421 thash = &auth_hash_nist_gmac_aes_128; 422 break; 423 case 192: 424 thash = &auth_hash_nist_gmac_aes_192; 425 break; 426 case 256: 427 thash = &auth_hash_nist_gmac_aes_256; 428 break; 429 default: 430 CRYPTDEB("invalid GMAC key length"); 431 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 432 return (EINVAL); 433 } 434 break; 435 case CRYPTO_AES_CCM_CBC_MAC: 436 switch (sop->mackeylen) { 437 case 16: 438 thash = &auth_hash_ccm_cbc_mac_128; 439 break; 440 case 24: 441 thash = &auth_hash_ccm_cbc_mac_192; 442 break; 443 case 32: 444 thash = &auth_hash_ccm_cbc_mac_256; 445 break; 446 default: 447 CRYPTDEB("Invalid CBC MAC key size %d", sop->keylen); 448 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 449 return (EINVAL); 450 } 451 break; 452 case CRYPTO_SHA1: 453 thash = &auth_hash_sha1; 454 break; 455 case CRYPTO_SHA2_224: 456 thash = &auth_hash_sha2_224; 457 break; 458 case CRYPTO_SHA2_256: 459 thash = &auth_hash_sha2_256; 460 break; 461 case CRYPTO_SHA2_384: 462 thash = &auth_hash_sha2_384; 463 break; 464 case CRYPTO_SHA2_512: 465 thash = &auth_hash_sha2_512; 466 break; 467 468 case CRYPTO_NULL_HMAC: 469 thash = &auth_hash_null; 470 break; 471 472 case CRYPTO_BLAKE2B: 473 thash = &auth_hash_blake2b; 474 break; 475 case CRYPTO_BLAKE2S: 476 thash = &auth_hash_blake2s; 477 break; 478 479 default: 480 CRYPTDEB("invalid mac"); 481 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 482 return (EINVAL); 483 } 484 485 if (txform == NULL && thash == NULL) { 486 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 487 return (EINVAL); 488 } 489 490 memset(&csp, 0, sizeof(csp)); 491 if (use_outputbuffers) 492 csp.csp_flags |= CSP_F_SEPARATE_OUTPUT; 493 494 if (sop->cipher == CRYPTO_AES_NIST_GCM_16) { 495 switch (sop->mac) { 496 #ifdef COMPAT_FREEBSD12 497 case CRYPTO_AES_128_NIST_GMAC: 498 case CRYPTO_AES_192_NIST_GMAC: 499 case CRYPTO_AES_256_NIST_GMAC: 500 if (sop->keylen != sop->mackeylen) { 501 SDT_PROBE1(opencrypto, dev, ioctl, error, 502 __LINE__); 503 return (EINVAL); 504 } 505 break; 506 #endif 507 case 0: 508 break; 509 default: 510 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 511 return (EINVAL); 512 } 513 csp.csp_mode = CSP_MODE_AEAD; 514 } else if (sop->cipher == CRYPTO_AES_CCM_16) { 515 switch (sop->mac) { 516 #ifdef COMPAT_FREEBSD12 517 case CRYPTO_AES_CCM_CBC_MAC: 518 if (sop->keylen != sop->mackeylen) { 519 SDT_PROBE1(opencrypto, dev, ioctl, error, 520 __LINE__); 521 return (EINVAL); 522 } 523 thash = NULL; 524 break; 525 #endif 526 case 0: 527 break; 528 default: 529 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 530 return (EINVAL); 531 } 532 csp.csp_mode = CSP_MODE_AEAD; 533 } else if (sop->cipher == CRYPTO_CHACHA20_POLY1305) { 534 if (sop->mac != 0) { 535 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 536 return (EINVAL); 537 } 538 csp.csp_mode = CSP_MODE_AEAD; 539 } else if (txform != NULL && thash != NULL) 540 csp.csp_mode = CSP_MODE_ETA; 541 else if (txform != NULL) 542 csp.csp_mode = CSP_MODE_CIPHER; 543 else 544 csp.csp_mode = CSP_MODE_DIGEST; 545 546 switch (csp.csp_mode) { 547 case CSP_MODE_AEAD: 548 case CSP_MODE_ETA: 549 if (use_separate_aad) 550 csp.csp_flags |= CSP_F_SEPARATE_AAD; 551 break; 552 } 553 554 if (txform != NULL) { 555 csp.csp_cipher_alg = txform->type; 556 csp.csp_cipher_klen = sop->keylen; 557 if (sop->keylen > txform->maxkey || 558 sop->keylen < txform->minkey) { 559 CRYPTDEB("invalid cipher parameters"); 560 error = EINVAL; 561 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 562 goto bail; 563 } 564 565 key = malloc(csp.csp_cipher_klen, M_XDATA, M_WAITOK); 566 error = copyin(sop->key, key, csp.csp_cipher_klen); 567 if (error) { 568 CRYPTDEB("invalid key"); 569 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 570 goto bail; 571 } 572 csp.csp_cipher_key = key; 573 csp.csp_ivlen = txform->ivsize; 574 } 575 576 if (thash != NULL) { 577 csp.csp_auth_alg = thash->type; 578 csp.csp_auth_klen = sop->mackeylen; 579 if (sop->mackeylen > thash->keysize || sop->mackeylen < 0) { 580 CRYPTDEB("invalid mac key length"); 581 error = EINVAL; 582 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 583 goto bail; 584 } 585 586 if (csp.csp_auth_klen != 0) { 587 mackey = malloc(csp.csp_auth_klen, M_XDATA, M_WAITOK); 588 error = copyin(sop->mackey, mackey, csp.csp_auth_klen); 589 if (error) { 590 CRYPTDEB("invalid mac key"); 591 SDT_PROBE1(opencrypto, dev, ioctl, error, 592 __LINE__); 593 goto bail; 594 } 595 csp.csp_auth_key = mackey; 596 } 597 598 if (csp.csp_auth_alg == CRYPTO_AES_NIST_GMAC) 599 csp.csp_ivlen = AES_GCM_IV_LEN; 600 if (csp.csp_auth_alg == CRYPTO_AES_CCM_CBC_MAC) 601 csp.csp_ivlen = AES_CCM_IV_LEN; 602 } 603 604 if (sop->ivlen != 0) { 605 if (csp.csp_ivlen == 0) { 606 CRYPTDEB("does not support an IV"); 607 error = EINVAL; 608 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 609 goto bail; 610 } 611 csp.csp_ivlen = sop->ivlen; 612 } 613 if (sop->maclen != 0) { 614 if (!(thash != NULL || csp.csp_mode == CSP_MODE_AEAD)) { 615 CRYPTDEB("does not support a MAC"); 616 error = EINVAL; 617 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 618 goto bail; 619 } 620 csp.csp_auth_mlen = sop->maclen; 621 } 622 623 crid = sop->crid; 624 error = checkforsoftware(&crid); 625 if (error) { 626 CRYPTDEB("checkforsoftware"); 627 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 628 goto bail; 629 } 630 error = crypto_newsession(&cses, &csp, crid); 631 if (error) { 632 CRYPTDEB("crypto_newsession"); 633 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 634 goto bail; 635 } 636 637 cse = malloc(sizeof(struct csession), M_XDATA, M_WAITOK | M_ZERO); 638 mtx_init(&cse->lock, "cryptodev", "crypto session lock", MTX_DEF); 639 refcount_init(&cse->refs, 1); 640 cse->key = key; 641 cse->mackey = mackey; 642 cse->cses = cses; 643 cse->txform = txform; 644 if (sop->maclen != 0) 645 cse->hashsize = sop->maclen; 646 else if (thash != NULL) 647 cse->hashsize = thash->hashsize; 648 else if (csp.csp_cipher_alg == CRYPTO_AES_NIST_GCM_16) 649 cse->hashsize = AES_GMAC_HASH_LEN; 650 else if (csp.csp_cipher_alg == CRYPTO_AES_CCM_16) 651 cse->hashsize = AES_CBC_MAC_HASH_LEN; 652 else if (csp.csp_cipher_alg == CRYPTO_CHACHA20_POLY1305) 653 cse->hashsize = POLY1305_HASH_LEN; 654 cse->ivsize = csp.csp_ivlen; 655 656 mtx_lock(&fcr->lock); 657 TAILQ_INSERT_TAIL(&fcr->csessions, cse, next); 658 cse->ses = fcr->sesn++; 659 mtx_unlock(&fcr->lock); 660 661 sop->ses = cse->ses; 662 663 /* return hardware/driver id */ 664 sop->crid = crypto_ses2hid(cse->cses); 665 bail: 666 if (error) { 667 free(key, M_XDATA); 668 free(mackey, M_XDATA); 669 } 670 return (error); 671 } 672 673 static struct csession * 674 cse_find(struct fcrypt *fcr, u_int ses) 675 { 676 struct csession *cse; 677 678 mtx_lock(&fcr->lock); 679 TAILQ_FOREACH(cse, &fcr->csessions, next) { 680 if (cse->ses == ses) { 681 refcount_acquire(&cse->refs); 682 mtx_unlock(&fcr->lock); 683 return (cse); 684 } 685 } 686 mtx_unlock(&fcr->lock); 687 return (NULL); 688 } 689 690 static void 691 cse_free(struct csession *cse) 692 { 693 694 if (!refcount_release(&cse->refs)) 695 return; 696 crypto_freesession(cse->cses); 697 mtx_destroy(&cse->lock); 698 if (cse->key) 699 free(cse->key, M_XDATA); 700 if (cse->mackey) 701 free(cse->mackey, M_XDATA); 702 free(cse, M_XDATA); 703 } 704 705 static bool 706 cse_delete(struct fcrypt *fcr, u_int ses) 707 { 708 struct csession *cse; 709 710 mtx_lock(&fcr->lock); 711 TAILQ_FOREACH(cse, &fcr->csessions, next) { 712 if (cse->ses == ses) { 713 TAILQ_REMOVE(&fcr->csessions, cse, next); 714 mtx_unlock(&fcr->lock); 715 cse_free(cse); 716 return (true); 717 } 718 } 719 mtx_unlock(&fcr->lock); 720 return (false); 721 } 722 723 static struct cryptop_data * 724 cod_alloc(struct csession *cse, size_t aad_len, size_t len) 725 { 726 struct cryptop_data *cod; 727 728 cod = malloc(sizeof(struct cryptop_data), M_XDATA, M_WAITOK | M_ZERO); 729 730 cod->cse = cse; 731 if (crypto_get_params(cse->cses)->csp_flags & CSP_F_SEPARATE_AAD) { 732 if (aad_len != 0) 733 cod->aad = malloc(aad_len, M_XDATA, M_WAITOK); 734 cod->buf = malloc(len, M_XDATA, M_WAITOK); 735 } else 736 cod->buf = malloc(aad_len + len, M_XDATA, M_WAITOK); 737 if (crypto_get_params(cse->cses)->csp_flags & CSP_F_SEPARATE_OUTPUT) 738 cod->obuf = malloc(len, M_XDATA, M_WAITOK); 739 return (cod); 740 } 741 742 static void 743 cod_free(struct cryptop_data *cod) 744 { 745 746 free(cod->aad, M_XDATA); 747 free(cod->obuf, M_XDATA); 748 free(cod->buf, M_XDATA); 749 free(cod, M_XDATA); 750 } 751 752 static int 753 cryptodev_cb(struct cryptop *crp) 754 { 755 struct cryptop_data *cod = crp->crp_opaque; 756 757 /* 758 * Lock to ensure the wakeup() is not missed by the loops 759 * waiting on cod->done in cryptodev_op() and 760 * cryptodev_aead(). 761 */ 762 mtx_lock(&cod->cse->lock); 763 cod->done = true; 764 mtx_unlock(&cod->cse->lock); 765 wakeup(cod); 766 return (0); 767 } 768 769 static int 770 cryptodev_op(struct csession *cse, const struct crypt_op *cop) 771 { 772 const struct crypto_session_params *csp; 773 struct cryptop_data *cod = NULL; 774 struct cryptop *crp = NULL; 775 char *dst; 776 int error; 777 778 if (cop->len > 256*1024-4) { 779 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 780 return (E2BIG); 781 } 782 783 if (cse->txform) { 784 if ((cop->len % cse->txform->blocksize) != 0) { 785 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 786 return (EINVAL); 787 } 788 } 789 790 if (cop->mac && cse->hashsize == 0) { 791 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 792 return (EINVAL); 793 } 794 795 /* 796 * The COP_F_CIPHER_FIRST flag predates explicit session 797 * modes, but the only way it was used was for EtA so allow it 798 * as long as it is consistent with EtA. 799 */ 800 if (cop->flags & COP_F_CIPHER_FIRST) { 801 if (cop->op != COP_ENCRYPT) { 802 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 803 return (EINVAL); 804 } 805 } 806 807 cod = cod_alloc(cse, 0, cop->len + cse->hashsize); 808 dst = cop->dst; 809 810 crp = crypto_getreq(cse->cses, M_WAITOK); 811 812 error = copyin(cop->src, cod->buf, cop->len); 813 if (error) { 814 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 815 goto bail; 816 } 817 crp->crp_payload_start = 0; 818 crp->crp_payload_length = cop->len; 819 if (cse->hashsize) 820 crp->crp_digest_start = cop->len; 821 822 csp = crypto_get_params(cse->cses); 823 switch (csp->csp_mode) { 824 case CSP_MODE_COMPRESS: 825 switch (cop->op) { 826 case COP_ENCRYPT: 827 crp->crp_op = CRYPTO_OP_COMPRESS; 828 break; 829 case COP_DECRYPT: 830 crp->crp_op = CRYPTO_OP_DECOMPRESS; 831 break; 832 default: 833 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 834 error = EINVAL; 835 goto bail; 836 } 837 break; 838 case CSP_MODE_CIPHER: 839 if (cop->len == 0 || 840 (cop->iv == NULL && cop->len == cse->ivsize)) { 841 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 842 error = EINVAL; 843 goto bail; 844 } 845 switch (cop->op) { 846 case COP_ENCRYPT: 847 crp->crp_op = CRYPTO_OP_ENCRYPT; 848 break; 849 case COP_DECRYPT: 850 crp->crp_op = CRYPTO_OP_DECRYPT; 851 break; 852 default: 853 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 854 error = EINVAL; 855 goto bail; 856 } 857 break; 858 case CSP_MODE_DIGEST: 859 switch (cop->op) { 860 case 0: 861 case COP_ENCRYPT: 862 case COP_DECRYPT: 863 crp->crp_op = CRYPTO_OP_COMPUTE_DIGEST; 864 if (cod->obuf != NULL) 865 crp->crp_digest_start = 0; 866 break; 867 default: 868 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 869 error = EINVAL; 870 goto bail; 871 } 872 break; 873 case CSP_MODE_AEAD: 874 if (cse->ivsize != 0 && cop->iv == NULL) { 875 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 876 error = EINVAL; 877 goto bail; 878 } 879 /* FALLTHROUGH */ 880 case CSP_MODE_ETA: 881 switch (cop->op) { 882 case COP_ENCRYPT: 883 crp->crp_op = CRYPTO_OP_ENCRYPT | 884 CRYPTO_OP_COMPUTE_DIGEST; 885 break; 886 case COP_DECRYPT: 887 crp->crp_op = CRYPTO_OP_DECRYPT | 888 CRYPTO_OP_VERIFY_DIGEST; 889 break; 890 default: 891 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 892 error = EINVAL; 893 goto bail; 894 } 895 break; 896 default: 897 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 898 error = EINVAL; 899 goto bail; 900 } 901 902 crp->crp_flags = CRYPTO_F_CBIMM | (cop->flags & COP_F_BATCH); 903 crypto_use_buf(crp, cod->buf, cop->len + cse->hashsize); 904 if (cod->obuf) 905 crypto_use_output_buf(crp, cod->obuf, cop->len + cse->hashsize); 906 crp->crp_callback = cryptodev_cb; 907 crp->crp_opaque = cod; 908 909 if (cop->iv) { 910 if (cse->ivsize == 0) { 911 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 912 error = EINVAL; 913 goto bail; 914 } 915 error = copyin(cop->iv, crp->crp_iv, cse->ivsize); 916 if (error) { 917 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 918 goto bail; 919 } 920 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 921 } else if (cse->ivsize != 0) { 922 if (crp->crp_payload_length < cse->ivsize) { 923 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 924 error = EINVAL; 925 goto bail; 926 } 927 crp->crp_iv_start = 0; 928 crp->crp_payload_length -= cse->ivsize; 929 if (crp->crp_payload_length != 0) 930 crp->crp_payload_start = cse->ivsize; 931 dst += cse->ivsize; 932 } 933 934 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 935 error = copyin(cop->mac, cod->buf + crp->crp_digest_start, 936 cse->hashsize); 937 if (error) { 938 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 939 goto bail; 940 } 941 } 942 again: 943 /* 944 * Let the dispatch run unlocked, then, interlock against the 945 * callback before checking if the operation completed and going 946 * to sleep. This insures drivers don't inherit our lock which 947 * results in a lock order reversal between crypto_dispatch forced 948 * entry and the crypto_done callback into us. 949 */ 950 error = crypto_dispatch(crp); 951 if (error != 0) { 952 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 953 goto bail; 954 } 955 956 mtx_lock(&cse->lock); 957 while (!cod->done) 958 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 959 mtx_unlock(&cse->lock); 960 961 if (crp->crp_etype == EAGAIN) { 962 crp->crp_etype = 0; 963 crp->crp_flags &= ~CRYPTO_F_DONE; 964 cod->done = false; 965 goto again; 966 } 967 968 if (crp->crp_etype != 0) { 969 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 970 error = crp->crp_etype; 971 goto bail; 972 } 973 974 if (cop->dst != NULL) { 975 error = copyout(cod->obuf != NULL ? cod->obuf : 976 cod->buf + crp->crp_payload_start, dst, 977 crp->crp_payload_length); 978 if (error) { 979 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 980 goto bail; 981 } 982 } 983 984 if (cop->mac != NULL && (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) == 0) { 985 error = copyout((cod->obuf != NULL ? cod->obuf : cod->buf) + 986 crp->crp_digest_start, cop->mac, cse->hashsize); 987 if (error) { 988 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 989 goto bail; 990 } 991 } 992 993 bail: 994 crypto_freereq(crp); 995 cod_free(cod); 996 997 return (error); 998 } 999 1000 static int 1001 cryptodev_aead(struct csession *cse, struct crypt_aead *caead) 1002 { 1003 const struct crypto_session_params *csp; 1004 struct cryptop_data *cod = NULL; 1005 struct cryptop *crp = NULL; 1006 char *dst; 1007 int error; 1008 1009 if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { 1010 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1011 return (E2BIG); 1012 } 1013 1014 if (cse->txform == NULL || cse->hashsize == 0 || caead->tag == NULL || 1015 (caead->len % cse->txform->blocksize) != 0) { 1016 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1017 return (EINVAL); 1018 } 1019 1020 /* 1021 * The COP_F_CIPHER_FIRST flag predates explicit session 1022 * modes, but the only way it was used was for EtA so allow it 1023 * as long as it is consistent with EtA. 1024 */ 1025 if (caead->flags & COP_F_CIPHER_FIRST) { 1026 if (caead->op != COP_ENCRYPT) { 1027 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1028 return (EINVAL); 1029 } 1030 } 1031 1032 cod = cod_alloc(cse, caead->aadlen, caead->len + cse->hashsize); 1033 dst = caead->dst; 1034 1035 crp = crypto_getreq(cse->cses, M_WAITOK); 1036 1037 if (cod->aad != NULL) 1038 error = copyin(caead->aad, cod->aad, caead->aadlen); 1039 else 1040 error = copyin(caead->aad, cod->buf, caead->aadlen); 1041 if (error) { 1042 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1043 goto bail; 1044 } 1045 crp->crp_aad = cod->aad; 1046 crp->crp_aad_start = 0; 1047 crp->crp_aad_length = caead->aadlen; 1048 1049 if (cod->aad != NULL) 1050 crp->crp_payload_start = 0; 1051 else 1052 crp->crp_payload_start = caead->aadlen; 1053 error = copyin(caead->src, cod->buf + crp->crp_payload_start, 1054 caead->len); 1055 if (error) { 1056 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1057 goto bail; 1058 } 1059 crp->crp_payload_length = caead->len; 1060 if (caead->op == COP_ENCRYPT && cod->obuf != NULL) 1061 crp->crp_digest_start = crp->crp_payload_output_start + 1062 caead->len; 1063 else 1064 crp->crp_digest_start = crp->crp_payload_start + caead->len; 1065 1066 csp = crypto_get_params(cse->cses); 1067 switch (csp->csp_mode) { 1068 case CSP_MODE_AEAD: 1069 case CSP_MODE_ETA: 1070 switch (caead->op) { 1071 case COP_ENCRYPT: 1072 crp->crp_op = CRYPTO_OP_ENCRYPT | 1073 CRYPTO_OP_COMPUTE_DIGEST; 1074 break; 1075 case COP_DECRYPT: 1076 crp->crp_op = CRYPTO_OP_DECRYPT | 1077 CRYPTO_OP_VERIFY_DIGEST; 1078 break; 1079 default: 1080 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1081 error = EINVAL; 1082 goto bail; 1083 } 1084 break; 1085 default: 1086 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1087 error = EINVAL; 1088 goto bail; 1089 } 1090 1091 crp->crp_flags = CRYPTO_F_CBIMM | (caead->flags & COP_F_BATCH); 1092 crypto_use_buf(crp, cod->buf, crp->crp_payload_start + caead->len + 1093 cse->hashsize); 1094 if (cod->obuf != NULL) 1095 crypto_use_output_buf(crp, cod->obuf, caead->len + 1096 cse->hashsize); 1097 crp->crp_callback = cryptodev_cb; 1098 crp->crp_opaque = cod; 1099 1100 if (caead->iv) { 1101 /* 1102 * Permit a 16-byte IV for AES-XTS, but only use the 1103 * first 8 bytes as a block number. 1104 */ 1105 if (csp->csp_mode == CSP_MODE_ETA && 1106 csp->csp_cipher_alg == CRYPTO_AES_XTS && 1107 caead->ivlen == AES_BLOCK_LEN) 1108 caead->ivlen = AES_XTS_IV_LEN; 1109 1110 if (cse->ivsize == 0) { 1111 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1112 error = EINVAL; 1113 goto bail; 1114 } 1115 if (caead->ivlen != cse->ivsize) { 1116 error = EINVAL; 1117 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1118 goto bail; 1119 } 1120 1121 error = copyin(caead->iv, crp->crp_iv, cse->ivsize); 1122 if (error) { 1123 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1124 goto bail; 1125 } 1126 crp->crp_flags |= CRYPTO_F_IV_SEPARATE; 1127 } else { 1128 error = EINVAL; 1129 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1130 goto bail; 1131 } 1132 1133 if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) { 1134 error = copyin(caead->tag, cod->buf + crp->crp_digest_start, 1135 cse->hashsize); 1136 if (error) { 1137 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1138 goto bail; 1139 } 1140 } 1141 again: 1142 /* 1143 * Let the dispatch run unlocked, then, interlock against the 1144 * callback before checking if the operation completed and going 1145 * to sleep. This insures drivers don't inherit our lock which 1146 * results in a lock order reversal between crypto_dispatch forced 1147 * entry and the crypto_done callback into us. 1148 */ 1149 error = crypto_dispatch(crp); 1150 if (error != 0) { 1151 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1152 goto bail; 1153 } 1154 1155 mtx_lock(&cse->lock); 1156 while (!cod->done) 1157 mtx_sleep(cod, &cse->lock, PWAIT, "crydev", 0); 1158 mtx_unlock(&cse->lock); 1159 1160 if (crp->crp_etype == EAGAIN) { 1161 crp->crp_etype = 0; 1162 crp->crp_flags &= ~CRYPTO_F_DONE; 1163 cod->done = false; 1164 goto again; 1165 } 1166 1167 if (crp->crp_etype != 0) { 1168 error = crp->crp_etype; 1169 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1170 goto bail; 1171 } 1172 1173 if (caead->dst != NULL) { 1174 error = copyout(cod->obuf != NULL ? cod->obuf : 1175 cod->buf + crp->crp_payload_start, dst, 1176 crp->crp_payload_length); 1177 if (error) { 1178 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1179 goto bail; 1180 } 1181 } 1182 1183 if ((crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) == 0) { 1184 error = copyout((cod->obuf != NULL ? cod->obuf : cod->buf) + 1185 crp->crp_digest_start, caead->tag, cse->hashsize); 1186 if (error) { 1187 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1188 goto bail; 1189 } 1190 } 1191 1192 bail: 1193 crypto_freereq(crp); 1194 cod_free(cod); 1195 1196 return (error); 1197 } 1198 1199 static int 1200 cryptodev_find(struct crypt_find_op *find) 1201 { 1202 device_t dev; 1203 size_t fnlen = sizeof find->name; 1204 1205 if (find->crid != -1) { 1206 dev = crypto_find_device_byhid(find->crid); 1207 if (dev == NULL) 1208 return (ENOENT); 1209 strncpy(find->name, device_get_nameunit(dev), fnlen); 1210 find->name[fnlen - 1] = '\x0'; 1211 } else { 1212 find->name[fnlen - 1] = '\x0'; 1213 find->crid = crypto_find_driver(find->name); 1214 if (find->crid == -1) 1215 return (ENOENT); 1216 } 1217 return (0); 1218 } 1219 1220 static void 1221 fcrypt_dtor(void *data) 1222 { 1223 struct fcrypt *fcr = data; 1224 struct csession *cse; 1225 1226 while ((cse = TAILQ_FIRST(&fcr->csessions))) { 1227 TAILQ_REMOVE(&fcr->csessions, cse, next); 1228 KASSERT(refcount_load(&cse->refs) == 1, 1229 ("%s: crypto session %p with %d refs", __func__, cse, 1230 refcount_load(&cse->refs))); 1231 cse_free(cse); 1232 } 1233 mtx_destroy(&fcr->lock); 1234 free(fcr, M_XDATA); 1235 } 1236 1237 static int 1238 crypto_open(struct cdev *dev, int oflags, int devtype, struct thread *td) 1239 { 1240 struct fcrypt *fcr; 1241 int error; 1242 1243 fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK | M_ZERO); 1244 TAILQ_INIT(&fcr->csessions); 1245 mtx_init(&fcr->lock, "fcrypt", NULL, MTX_DEF); 1246 error = devfs_set_cdevpriv(fcr, fcrypt_dtor); 1247 if (error) 1248 fcrypt_dtor(fcr); 1249 return (error); 1250 } 1251 1252 static int 1253 crypto_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, 1254 struct thread *td) 1255 { 1256 struct fcrypt *fcr; 1257 struct csession *cse; 1258 struct session2_op *sop; 1259 struct crypt_op *cop; 1260 struct crypt_aead *caead; 1261 uint32_t ses; 1262 int error = 0; 1263 union { 1264 struct session2_op sopc; 1265 #ifdef COMPAT_FREEBSD32 1266 struct crypt_op copc; 1267 struct crypt_aead aeadc; 1268 #endif 1269 } thunk; 1270 #ifdef COMPAT_FREEBSD32 1271 u_long cmd32; 1272 void *data32; 1273 1274 cmd32 = 0; 1275 data32 = NULL; 1276 switch (cmd) { 1277 case CIOCGSESSION32: 1278 cmd32 = cmd; 1279 data32 = data; 1280 cmd = CIOCGSESSION; 1281 data = (void *)&thunk.sopc; 1282 session_op_from_32((struct session_op32 *)data32, &thunk.sopc); 1283 break; 1284 case CIOCGSESSION232: 1285 cmd32 = cmd; 1286 data32 = data; 1287 cmd = CIOCGSESSION2; 1288 data = (void *)&thunk.sopc; 1289 session2_op_from_32((struct session2_op32 *)data32, 1290 &thunk.sopc); 1291 break; 1292 case CIOCCRYPT32: 1293 cmd32 = cmd; 1294 data32 = data; 1295 cmd = CIOCCRYPT; 1296 data = (void *)&thunk.copc; 1297 crypt_op_from_32((struct crypt_op32 *)data32, &thunk.copc); 1298 break; 1299 case CIOCCRYPTAEAD32: 1300 cmd32 = cmd; 1301 data32 = data; 1302 cmd = CIOCCRYPTAEAD; 1303 data = (void *)&thunk.aeadc; 1304 crypt_aead_from_32((struct crypt_aead32 *)data32, &thunk.aeadc); 1305 break; 1306 } 1307 #endif 1308 1309 devfs_get_cdevpriv((void **)&fcr); 1310 1311 switch (cmd) { 1312 #ifdef COMPAT_FREEBSD12 1313 case CRIOGET: 1314 /* 1315 * NB: This may fail in cases that the old 1316 * implementation did not if the current process has 1317 * restricted filesystem access (e.g. running in a 1318 * jail that does not expose /dev/crypto or in 1319 * capability mode). 1320 */ 1321 error = kern_openat(td, AT_FDCWD, "/dev/crypto", UIO_SYSSPACE, 1322 O_RDWR, 0); 1323 if (error == 0) 1324 *(uint32_t *)data = td->td_retval[0]; 1325 break; 1326 #endif 1327 case CIOCGSESSION: 1328 case CIOCGSESSION2: 1329 if (cmd == CIOCGSESSION) { 1330 session2_op_from_op((void *)data, &thunk.sopc); 1331 sop = &thunk.sopc; 1332 } else 1333 sop = (struct session2_op *)data; 1334 1335 error = cse_create(fcr, sop); 1336 if (cmd == CIOCGSESSION && error == 0) 1337 session2_op_to_op(sop, (void *)data); 1338 break; 1339 case CIOCFSESSION: 1340 ses = *(uint32_t *)data; 1341 if (!cse_delete(fcr, ses)) { 1342 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1343 return (EINVAL); 1344 } 1345 break; 1346 case CIOCCRYPT: 1347 cop = (struct crypt_op *)data; 1348 cse = cse_find(fcr, cop->ses); 1349 if (cse == NULL) { 1350 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1351 return (EINVAL); 1352 } 1353 error = cryptodev_op(cse, cop); 1354 cse_free(cse); 1355 break; 1356 case CIOCFINDDEV: 1357 error = cryptodev_find((struct crypt_find_op *)data); 1358 break; 1359 case CIOCCRYPTAEAD: 1360 caead = (struct crypt_aead *)data; 1361 cse = cse_find(fcr, caead->ses); 1362 if (cse == NULL) { 1363 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1364 return (EINVAL); 1365 } 1366 error = cryptodev_aead(cse, caead); 1367 cse_free(cse); 1368 break; 1369 default: 1370 error = EINVAL; 1371 SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); 1372 break; 1373 } 1374 1375 #ifdef COMPAT_FREEBSD32 1376 switch (cmd32) { 1377 case CIOCGSESSION32: 1378 if (error == 0) 1379 session_op_to_32((void *)data, data32); 1380 break; 1381 case CIOCGSESSION232: 1382 if (error == 0) 1383 session2_op_to_32((void *)data, data32); 1384 break; 1385 case CIOCCRYPT32: 1386 if (error == 0) 1387 crypt_op_to_32((void *)data, data32); 1388 break; 1389 case CIOCCRYPTAEAD32: 1390 if (error == 0) 1391 crypt_aead_to_32((void *)data, data32); 1392 break; 1393 } 1394 #endif 1395 return (error); 1396 } 1397 1398 static struct cdevsw crypto_cdevsw = { 1399 .d_version = D_VERSION, 1400 .d_open = crypto_open, 1401 .d_ioctl = crypto_ioctl, 1402 .d_name = "crypto", 1403 }; 1404 static struct cdev *crypto_dev; 1405 1406 /* 1407 * Initialization code, both for static and dynamic loading. 1408 */ 1409 static int 1410 cryptodev_modevent(module_t mod, int type, void *unused) 1411 { 1412 switch (type) { 1413 case MOD_LOAD: 1414 if (bootverbose) 1415 printf("crypto: <crypto device>\n"); 1416 crypto_dev = make_dev(&crypto_cdevsw, 0, 1417 UID_ROOT, GID_WHEEL, 0666, 1418 "crypto"); 1419 return 0; 1420 case MOD_UNLOAD: 1421 /*XXX disallow if active sessions */ 1422 destroy_dev(crypto_dev); 1423 return 0; 1424 } 1425 return EINVAL; 1426 } 1427 1428 static moduledata_t cryptodev_mod = { 1429 "cryptodev", 1430 cryptodev_modevent, 1431 0 1432 }; 1433 MODULE_VERSION(cryptodev, 1); 1434 DECLARE_MODULE(cryptodev, cryptodev_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 1435 MODULE_DEPEND(cryptodev, crypto, 1, 1, 1); 1436 MODULE_DEPEND(cryptodev, zlib, 1, 1, 1); 1437